authorProfpatsch <mail@profpatsch.de>2019-09-28 15:58:11 +0100
committerProfpatsch <mail@profpatsch.de>2019-09-28 15:58:11 +0100
commit8eada95b7b066e3abecbffaf2b44d46f0052d3a9 (patch)
tree4355e0e55fb9d2b3c4f013d3a66914c29514cc26 /modules/services/guix.nix
parent29e91941bb0d3217e1e069cd8a60235c08eb31bd (diff)
services: add guix service, for running the guix daemon
Diffstat (limited to 'modules/services/guix.nix')
-rw-r--r--modules/services/guix.nix105
1 files changed, 105 insertions, 0 deletions
diff --git a/modules/services/guix.nix b/modules/services/guix.nix
new file mode 100644
index 00000000..e04c03b7
--- /dev/null
+++ b/modules/services/guix.nix
@@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+# https://www.gnu.org/software/guix/manual/en/html_node/Binary-Installation.html
+
+let
+  guixBinaryTar = pkgs.fetchurl {
+    url = "https://alpha.gnu.org/gnu/guix/guix-binary-0.16.0.x86_64-linux.tar.xz";
+    sha256 = "049l0zim30cd0gyly2h3jaw4cshdk78h7xdb9ac173h72i13afbj";
+  };
+
+  #*/
+  guixInstallScriptIdempotent = pkgs.writeScript "guix-install.sh" ''
+    #!/bin/sh
+    set -euo pipefail
+
+    # extract guix
+    if ! test -e /gnu; then
+      echo "INFO: installing guix"
+
+      tmp=$(mktemp -d)
+      pushd $tmp >/dev/null
+      export PATH=${pkgs.xz}/bin:$PATH
+      ${pkgs.gnutar}/bin/tar xf ${guixBinaryTar}
+      mkdir -p /var
+      cp -r ./var/guix /var
+      cp -r ./gnu /
+      popd >/dev/null
+
+      # XXX
+      # change the mtime of all compiled guile files,
+      # because tar in this script somehow changes the mtime
+      # of extracted files to the current time, and nobody knows
+      # why. If the sources are newer than the .go files, guile
+      # will try to recompile everything.
+      find /gnu/store/ -ipath "*guile*ccache*/*.go" | xargs touch -m
+    fi
+
+    # install root user profile
+    if ! test -e /root/.config/guix/current; then
+      mkdir -p /root/.config/guix
+      ln -s /var/guix/profiles/per-user/root/current-guix \
+        /root/.config/guix/current
+    fi
+
+    echo INFO: finished installing guix!
+  '';
+
+  guixBuildGroup = "guixbuilders";
+
+  guixBuildUser = id: {
+    name = "guix-build-user-${toString id}";
+    createHome = false;
+    description = "Guix build user ${toString id}";
+    extraGroups = [ guixBuildGroup ];
+    isSystemUser = true;
+  };
+
+  guixBuildUsers = numberOfUsers:
+    builtins.listToAttrs
+      (map (user: {
+        name = user.name;
+        value = user;
+      }) (builtins.genList guixBuildUser numberOfUsers));
+in
+{
+  options = {
+    vuizvui.services.guix.enable =
+      lib.mkEnableOption "the guix daemon and init /gnu/store";
+  };
+
+  config = lib.mkIf config.vuizvui.services.guix.enable {
+    users.users = guixBuildUsers 10;
+    users.groups = { "${guixBuildGroup}" = {}; };
+
+    systemd.services.guix-install = {
+      serviceConfig = {
+        ExecStart = guixInstallScriptIdempotent;
+        Type = "oneshot";
+      };
+    };
+
+    systemd.services.guix-daemon = {
+      serviceConfig = {
+        ExecStart = "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=${guixBuildGroup}";
+        Environment = "GUIX_LOCPATH=/var/guix/profiles/per-user/root/guix-profix/lib/locale";
+        RemainAfterExit = true;
+        StandardOutput = "syslog";
+        StandardError = "syslog";
+        TasksMax = 8192;
+      };
+      wantedBy = [ "multi-user.target" ];
+      after = [ "guix-install.service" ];
+      wants = [ "guix-install.service" ];
+    };
+
+    environment.shellInit = ''
+      export GUIX_PROFILE="$HOME/.config/guix/current"
+      source $GUIX_PROFILE/etc/profile
+      export GUIX_LOCPATH="${pkgs.glibcLocales}/lib/locale"
+      export INFOPATH="$GUIX_PROFILE/share/info:$INFOPATH"
+
+      guix archive --authorize < \
+        /root/.config/guix/current/share/guix/ci.guix.info.pub
+    '';
+  };
+}
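Review bot: The `guix archive --authorize` call at the end of `environment.shellInit` changes which key the daemon trusts for signed substitutes, yet it runs on every shell start of every user. It needs root to update the ACL and reads the key via `/root/.config/guix/current`, so for ordinary users it will presumably fail on each shell start, while for root it silently re-authorizes the key every time. That trust decision belongs in the one-shot `guix-install` script, run once as root, for example `/var/guix/profiles/per-user/root/current-guix/bin/guix archive --authorize < /var/guix/profiles/per-user/root/current-guix/share/guix/ci.guix.info.pub`, with a comment naming whose key it is. The `source $GUIX_PROFILE/etc/profile` line in the same block is also unguarded for users who have no `~/.config/guix/current`; a `test -e` check around it would keep their shells clean. Separately, `guix-profix` in the daemon's `GUIX_LOCPATH` looks like a typo for `guix-profile`.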